'. '

FifthGraalAdventures

From APIDesign

(Difference between revisions)
Jump to: navigation, search

JaroslavTulach (Talk | contribs)
(New page: Fifth year has passed since I joined OracleLabs and it is time to look back and summarize. === Designing for Security === This item has already appeared in [[FourthGraalAdventur...)
Next diff →

Revision as of 05:23, 17 June 2020

Fifth year has passed since I joined OracleLabs and it is time to look back and summarize.

Designing for Security

This item has already appeared in last year's report, but it is important to remind it again in the light of new consequences. In summer 2019 Oracle ethical hacker team decided to attack GraalVM. They succeeded and managed to escape the Truffle framework scripting sandbox. However they were testing an older GraalVM release candidate and meanwhile I was working on secure scripting API which made it into the first customer release of GraalVM. It turned out that the attack vector was fully eliminated by my secure fixes!

Personal tools
buy